Online Store Security: 8 Must-Complete Steps Against Web Threats

From time to time, cyber attacks of different levels happen all over the world. The 2016 Dyn cyber attack caused multiple services to be unavailable, including Twitter, Amazon, PayPal, and Netflix.

After hearing such news, you want to act immediately to protect your online store and business, don’t you? This post will give you the bare minimum that helps to keep your store safe from the majority of cyber attacks. The sooner you implement these recommendations, the better.

Ecwid merchants won’t have to follow many of them, though. Ecwid conforms to the highest international safety standards that make your store as reliable as a large bank. So your store and your customers are safe. However, the following advice will be useful not only for online store protection but also for your everyday internet surfing.

Security Tips for Everyone

Please, don’t put off completing these steps.

1. Make sure you are the owner of your domain

If you’re using your custom domain name, and especially if it wasn’t you who bought it (but your IT guy, manager, or contractor), check who is the owner — it should be you. Otherwise, another person (or organization) owns your domain name, and they can technically sell your domain name or appropriate it to a different website.

In case your domain is registered with another person’s name, move it to your account using the instructions of your domain provider:

If you are about to buy a domain name, don’t assign this task to a contractor or at least make sure you are the owner. The owners of transnational corporations should register domains with their names too. Remember your login and password, as you’ll need them when it’s time to renew your hosting subscription.

2. Make sure you are the owner of your hosting subscription

If you need hosting for your online store (for example, if you added it to your WordPress.org, Adobe Muse, or Joomla website), make sure that you own your hosting subscription. Otherwise, you run the same risk as when trusting your domain name to someone else. The owner of your hosting account will be able to do anything with your website, even delete it.

You should also keep the login and password of your hosting account for renewing it.

These services require remembering just one password (master password) from their service.

Moreover, 1Password and LastPass can generate unique strong passwords. Use this feature if you don’t have the time or inspiration for creating many passwords by yourself.

It’s very unsafe to have your passwords publicly available, for example by keeping them on paper. The paper can get lost, or damaged by water or simply by time. Don’t keep your passwords in a Notebook/Excel/Word file, as those data can be easily stolen or ruined by viruses.

Plus, an SSL certificate helps to improve ranking in Google and gain customer trust. Another post will tell you more about SSL certificates as well as about how to get them for your online store.

6. Set up two-factor authentication for your email

… And also wherever it’s possible. To access your inbox, you’ll need to type your login+password, and then type a verification code sent to you by SMS or generated in a special app called authenticator. The SMS is sent to your number only, and the app is connected to your account so no one but you can receive this code.

Even if some nasty guy guesses or steals your password, they won’t be able to access your account because the system will ask them to enter the verification code they haven’t got.

If you don’t use two-factor authentication, you can become a victim of viruses or phishing. An intruder can get your email password and could change other passwords that you use (including your online store control panel).

Some services have two-factor authentication by default, for example, MailChimp. Here are the instructions for enabling two-factor authentication in popular services and on social media:

If your website is built with WordPress.org, Adobe Muse, Joomla, or another site builder that requires hosting, don’t neglect updates and don’t hesitate to install them as soon as they are available. Monitor service security notifications and be ready to immediately install security patches to prevent your website from being hacked.

If your website is built with a cloud constructor (such as Ecwid, WordPress.com, Wix), your service is updated automatically, no actions required.

8. Create a backup copy

If your website is created with a content management system (CMS) like WordPress.org, Adobe Muse, Joomla, and others, and is hosted by a separate hosting provider, you should create a backup copy every month.

Large hosting providers do backups automatically or allow you to set up automatic backups (for example, BlueHost). Check with your provider whether they do backups. If not, do it yourself, using one of the instructions on the web (you might need a developer here).

For Ecwid Merchants

Your Ecwid store is as protected as it’s possible today. Ecwid conforms to the security requirements of Level 1 PCI DSS, which is the highest international standard for secure data exchanges for e-commerce. Banks all over the world use the same standard.

We regularly check Ecwid with security scanners, create backups of your stores, update the software, and keep the data on a secure hosting.

However, if you installed Ecwid on your own website, please take care of the site’s security. (Whether you do it or not, your Ecwid store will stay secure anyways.) Follow the steps above to protect your customers and yourself from cyber attacks.

This is the first of our set of posts about internet security for online stores. We’ll be telling you how to confront phishing, which site builders are perfect for beginners in terms of security, and why stores must not preserve customer data by themselves. We’ll try to explain everything in a clear manner that is suitable even for those who don’t have any idea about these issues.

What questions about security bother you the most? Share them in the comments!

About The Author

Anna is a content creator at Ecwid. She loves big cities, pasta and Woody Allen's films.